Remote Code Execution Vulnerability in SAP MaxDB by SAP
CVE-2008-0244

Currently unrated

Key Information:

Vendor: SAP
Status: Maxdb
Vendor: CVE Published:; 12 January 2008

What is CVE-2008-0244?

SAP MaxDB versions 7.6.03 build 007 and earlier contain a vulnerability that allows remote attackers to execute arbitrary commands on the server. This is primarily achieved by exploiting shell metacharacters in commands within the exec_sdbinfo function and others, leading to potentially severe consequences for systems using this database management tool when invoked improperly.

References

http://secunia.com/advisories/28409

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/archive/1/486039/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.vupen.com/english/advisories/2008/0104

vdb-entryx_refsource_VUPEN

EPSS Score

89% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 12, 2008
Vulnerability Reserved
Jan 11, 2008